VentureBeat reports that while several news outlets have noted that a new remote code execution flaw in the widely-used Spring Core Java framework dubbed "SpringShell" may be the "next Log4Shell" vulnerability, it may not be as severe.

The Hive ransomware gang has been leveraging a novel obfuscation approach involving IPv4 addresses and numerous conversions resulting in Cobalt Strike beacon downloads, BleepingComputer reports.

SentinelOne researchers discover malware likely designed to wipe modems — contradicting the legitimate commands explanation from Viasat.

A Texas judge ruled that class-actions against SolarWinds, its CISO Tim Brown and two private equity investors may proceed, while dismissing actions against former CEO Kevin Thompson for misleading investors and selling millions in company stock right before the breach was disclosed.

Threat actors only spent an average of 12 days exploiting software vulnerabilities in 2021, compared with 42 days in 2020, with the 71% decline in time to known exploitation attributed to the significant increase in zero-day attacks.